Survey of Code Review Tools / Survey of Code Review Tools

Žember, Martin

January 2011

In the present work we study behaviour of tools intended for code review and how they aim at eliminating security vulnerabilities. There is a lot of such tools, but a smaller set of them suffice to effectively improve the security of software. We provide results of empirical testing of these tools on artificial data in order to map vulnerability classes they are able to identify and also on real data in order to test their scalability.

source code; analysis; code review

The Operational Code of the Liberation Tigers of Tamil Eelam

2013 July 1900

The Tamil Tigers were one of the most organized, focused, and influential organizations in Asian politics during the last three decades. Throughout the existence of the organization, the goal of the LTTE was to establish a separate Tamil state – Tamil Eelam - comprising the Northern and Eastern parts of Sri Lanka where Tamil-speaking populations were dense. The Sri Lankan civil war, which ended in May of 2009, claimed tens of thousands of lives, displaced hundreds of thousands of residents, and impeded the economic well-being of Sri Lanka. This thesis employs the operational code analysis as a way to better understand the character, behaviour, and norms of the Liberation Tigers of Tamil Eelam. An additional purpose of this thesis is to test the utility of this model in the case of a terrorist organization such as the LTTE. The Operational Code Analysis framework was premiered by Nathan Leites in his two-part study of the Bolshevik Party, and was subsequently revived and re-imagined by a number of academics. The iteration of the Operational Code framework used in this thesis is a qualitative analysis which is comprised of ten questions: five ‘philosophical’ and five ‘instrumental’. This examination reveals that while this model has much to offer in analyzing this terrorist organization, it is in some ways a flawed method of exposition. However, the model produces unexpected insights about the stated beliefs of the LTTE.

LTTE

Sri Lanka

Operational Code Analysis

A Large-Scale Analysis of How OpenSSL Is Used in Open-Source Software

Heidbrink, Scott Jared

01 March 2018

As vulnerabilities become more common the security of applications are coming under increased scrutiny. In regards to Internet security, recent work discovers that many vulnerabilities are caused by TLS library misuse. This misuse is attributed to large and confusing APIs and developer misunderstanding of security generally. Due to these problems there is a desire for simplified TLS libraries and security handling. However, as of yet there is no analysis of how the existing APIs are used, beyond how incorrect usage motivates the need to replace them. We provide an analysis of contemporary usage of OpenSSL across 410 popular secure applications. These insights will inform the security community as it addresses TLS library redesign.

TLS

SSL

API

source code analysis

static code analysis

Computer Sciences

Statinės kodo analizės įrankių tyrimas ir tobulinimas / Research and development of static code analysis tools

Zonys, Andrius

26 August 2013

Šiame darbe aptariama statinė ir dinaminė kodo analizė, jų privalumai ir trūkumai, analizės įrankių tipai bei jų paskirtis. Analizuojami „Gendarme“, „Cppcheck“ ir „FindBugs“ statinės kodo analizės įrankiai. Plačiau analizuojamas laisvai platinamas statinės kodo analizės įrankis „Gendarme“. Pateikiamos spragos, rastos esamose „Gendarme“ taisyklėse bei siūlomi jų patobulinimai, kurie turėtų padėti aptikti daugiau klaidų ir padidinti programų spartą, stabilumą, saugumą ir kodo skaitomumą. Taip pat pateikiamos naujos sukurtos taisyklės, kurios turėtų padėti aptikti daugiau perteklinio, nelogiško kodo, kurio kompiliatorius neaptinka. Naujos taisyklės turėtų padėti supaprastinti programos kodą ir taip pagerinti jo skaitomumą bei aptikti daugiau spragų, kuriomis pasinaudojus galima įtakoti programų veikimą. Atliktas eksperimentinis tyrimas, kurio metu buvo išanalizuotos programos su patobulintu ir nepatobulintu „Gendarme“ statinės kodo analizės įrankiu. Pateikiami eksperimento rezultatai ir išvados. / This paper discusses the static and dynamic code analysis, their advantages and disadvantages, types of analysis tools and their purpose. Analyzes the "Gendarme", "Cppcheck" and "FindBugs" static code analysis tools. Wider analyzes the freely distributed static source code analysis tool "Gendarme". Presented gaps which were found in existing "Gendarme" rules and the proposed modifications, which should help to detect more errors and improve program performance, stability, security and code readability. It also introduces new rules, which should help to detect more excessive, illogical code, which are not detected by the compiler. As well as simplify the code and thus to improve its readability and detect more vulnerabilities, which may be used to affect the functioning of applications. Experimental research was carried out in which some programs were analyzed with improved and not improved static code analysis tool "Gendarme". Experimental results and conclusions are presented.

Informatics Engineering

Statinė analizė

Kodo tikrinimas

Kodo tikrinimo taisyklės

Static analysis

Code analysis

Code analysis rules

An ontology-based reengineering methodology for service orientation

Zhang, Zhuopeng

January 2009

The “Software as a Service” model in service-oriented computing allows loosely coupled software components to be designed and integrated with other software systems. Web services, together with service-oriented architectures, are promising integration technology to facilitate legacy system Webification. However, since most components in a legacy system were not designed and developed as services, the current software systems need to be converted into a set of loosely coupled services. Therefore, a service-oriented software reengineering process is essential for legacy systems to survive in the service-oriented computing environment. In this service-oriented software reengineering process, understanding, decomposing and reusing legacy code turn to be important activities. In this thesis, a methodology for Service-Oriented Software Reengineering (SOSR) is proposed to support the identification, extraction and integration of reusable legacy code. According to both the result of legacy system assessment and a service-oriented analysis and design process, a reengineering decision is made by proposed rules. Based on the service-oriented software reengineering decision, ontologies for SOSR, which consists of Domain Concept Ontology (DCO), Functionality Ontology (FO) and Software Component Ontology (SCO), are developed by the ontology development methodologies. These ontologies store knowledge on both application domain and code entities, which support further legacy code analysis. The identification of service candidates in legacy systems is achieved by mapping FO and SCO via a novel method combining Formal Concept Analysis (FCA) and Relational Concept Analysis (RCA). After the service candidates are identified, the reusable legacy code is extracted by dependency analysis and program slicing. Some rules are defined in code query language for the detection of dead code. Program slicing techniques are applied as main reverse engineering techniques to recover executable legacy code. An Executable Union Slicing (EUS) algorithm is defined to generate executable legacy components with high cohesion and low coupling properties. In the integration phase, extracted legacy components with core legacy code can either be wrapped into Web services for the service orchestration in the business layer, or be composed in a software service provider. The proposed SOSR methodology is proved flexible and practical to migrate legacy applications to service-oriented architectures by the case studies. It can be customised according to different legacy systems. This methodology can help software developers and maintainers to reengineer the tightly coupled legacy information systems to the loosely coupled and agile information systems.

005.1

Code Profiling : Static Code Analysis

Borchert, Thomas

January 2008

<p>Capturing the quality of software and detecting sections for further scrutiny within are of high interest for industry as well as for education. Project managers request quality reports in order to evaluate the current status and to initiate appropriate improvement actions and teachers feel the need of detecting students which need extra attention and help in certain programming aspects. By means of software measurement software characteristics can be quantified and the produced measures analyzed to gain an understanding about the underlying software quality.</p><p>In this study, the technique of code profiling (being the activity of creating a summary of distinctive characteristics of software code) was inspected, formulized and conducted by means of a sample group of 19 industry and 37 student programs. When software projects are analyzed by means of software measurements, a considerable amount of data is produced. The task is to organize the data and draw meaningful information from the measures produced, quickly and without high expenses.</p><p>The results of this study indicated that code profiling can be a useful technique for quick program comparisons and continuous quality observations with several application scenarios in both industry and education.</p>

code profile

static code analysis

software metrics

Computer science

Datavetenskap

Vulnerability Analysis of Vagrant Boxes

Holmqvist, Andreas, Lycke, Fredrik

January 2017

Virtual machines are often considered more secure than regular machines due to the abstraction from the hardware layer. Abstraction does provide some extra security benefits, but many vulnerabilities that exist on a regular machine still exist on virtual machines. Moreover, the sheer amount of virtual machines that are running on many systems makes it difficult to analyse potential vulnerabilities. Vagrant is a management tool for virtual machines packaged in what is called boxes. There are currently no way to automatically scan these Vagrant boxes for vulnerabilities or insecure configurations to determine whether or not they are secure. Therefore we want to establish a method to detect the vulnerabilities of these boxes automatically without launching the box or executing code. There are two main parts in the method used to investigate the boxes. First there is the base box scanning. A base box is an image of which the final box is built upon. This base box is launched, a list of packages is extracted, and the information is then sent to a vulnerability scanner. There is also the analysis of the Vagrantfile. The Vagrantfile is the file that is used to ready the base box with needed software and configurations. The configuration file is written in Ruby and in order to extract information from this file a static code analysis is performed. The result for each box scanned is a list of all the vulnerabilities present on the base box as well as security configurations like SSH settings and shared folders that is retrieved from the Vagrantfile. The results are not completely accurate because the base box is used for the scan, rather than the box itself. Some of the configurations in the Vagrantfiles could not be retrieved because it required code execution or support for configurations done in by other means, like bash. The method does however provide a good indication of how many vulnerabilities a given box possesses.

Vagrant

Static code analysis

Vulnerability

Engineering and Technology

Teknik och teknologier

INCORPORATING CERT SECURE CODING STANDARDS IN TERMS OF UNDEFINED BEHAVIOR AND USELESS CONDITIONS INTO THE CPPCHECK PROJECT

Anwar, Alsulaiman Z.

01 August 2014

No description available.

Computer Science

Bobox Runtime Optimization / Bobox Runtime Optimization

Krížik, Lukáš

January 2015

The goal of this thesis is to create a tool for an optimization of code for the task-based parallel framework called Bobox. The optimizer tool reduces a number of short and long running tasks based on a static code analysis. Some cases of short-running tasks cause an unnecessary scheduling overhead. The Bobox scheduler can schedule a task even though the task does not have all input data. Unless, the scheduler has enough information not to schedule such task. In order to remove such short-running task, the tool analyses its input usage and informs the scheduler. Long-running tasks inhibit a parallel execution in some cases. A bigger task granularity can significantly improve execution times in a parallel environment. In order to remove a long-running task, the tool has to be able to evaluate a runtime code complexity and yield a task execution in the appropriate place. Powered by TCPDF (www.tcpdf.org)

Test-case-based call graph construction in dynamically typed programming languages

Pereira, Gabriel Maier Fernandes Vidueiro

January 2015

Evolução de software é uma das atividades mais desafiadoras do processo de desenvolvimento de software. Uma importante questão associada à essa atividade é a correta compreensão do código fonte e outros artefatos que necessitam ser mantidos e evoluídos. Visando auxiliar desenvolvedores na manutenção de código, Integrated Development Environments (IDE’s) proporcionam ferramentas que informam desenvolvedores sobre as dependências e as particularidades do código a ser modificado. No entanto, linguagens dinamicamente tipadas não definem tipos explicitamente no código fonte, o que dificulta a análise estática do código e consequentemente a contrução dessas ferramentas. Como exemplo, a construção de call graphs (grafos de chamadas), utilizados pelas IDE’s para criar ferramentas de navegação de código, é prejudicada pela ausência da definição de tipos. Para abordar o problema da criação de call graphs para linguagens dinamicamente tipadas, propomos uma técnica dividida em passos para a construção de um call graph baseado em informações extraídas da execução de testes. A técnica é dividida em 3 passos, o Passo #1 cria um call graph conservativo e estático que resolve chamadas de métodos baseado apenas em nomes dos métodos, ainda no primeiro passo, testes são executados e seu traço de execução é armazenado para posterior análise. O Passo #2 combina a informação armazenada da execução dos testes e o call graph construído no primeiro passo, o Passo #2 também é responsável pela criação de um conjunto de regras de associação que servirão para guiar desenvolvedores durante a criação de novas partes do código. Nossa avaliação em uma aplicação real de porte grande mostrou que a técnica melhora a precisão do call graph criado removendo arestas desnecessárias (70%), e mostrou-se apta a auxiliar desenvolvedores definindo pontos de navegação no código baseada na análise de regras de associação extraídas do test-case-based call graph. / Evolving enterprise software systems is one of the most challenging activities of the software development process. An important issue associated with this activity is to properly comprehend the source code and other software assets that must be evolved. To assist developers on these evolution tasks, Integrated Development Environments (IDEs) build tools that provides information about the source code and its dependencies. However, dynamically typed languages do not define types explicitly in the source code, which difficult source code analysis and therefore the construction of these tools. As an example, the call graph construction, used by IDE’s to build source code navigation tools, is hampered by the absence of type definition. To address the problem of constructing call graphs for dynamic languages, we propose a technique based on steps to build a call graph based on test runtime information, called test-case-based call graph. The technique is divided in three steps; Step #1 creates a conservative and static call graph that decides target nodes based on method names, and the first step also run tests profiling its execution; Step #2 combines the test runtime information and the conservative call graph built in the first step to create the test-case-based call graph, it also creates a set of association rules to guide developers in the maintenance while creating new pieces of code; Finally, Step #3 uses the test-case-based call graph and the association rules to assist developers in source code navigation tasks. Our evaluation on a large-size real-world software shows that the technique increases call graph precision removing several unnecessary conservative edges ( %70), and assist developers filtering target nodes of method calls based on association rules extracted from the call graph.

Grafos

Linguagens : Programacao

Dynamic languages

Source code analysis

Call graphs

Ruby